Technological Innovations & Implications for Data & Privacy

Screen Shot 2016-03-31 at 1.34.24 PM
Retrieved from


Anyone in the healthcare field is familiar with the Health Insurance Portability and Accountability Act or HIPAA, a federal law created to ensure individual privacy and protect personal health information.1,3 There have been concerns regarding telehealth’s ability to uphold this guarantee of privacy – concerns of increased vulnerabilities. Telehealth involves more than just the patient and provider. The companies who create the equipment, the vendors who work to transmit the data, and others are also held accountable for protection of patient information by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.2,3 While technological advancements alone cannot guarantee protection of personal health information, they can aid in the process with features such as software and network encryption, password protection, etc..1

Often included as a branch of telehealth is mHealth or mobile health where tools such as wearable devices and mobile applications transmit data intended to go to pre-approved parties like a healthcare provider or friends and family. However, there are limitations on the regulation of this information sharing – for example, financers and third party advertisers that sponsor mobile applications can access and use information collected by these devices.2 This information is often disclosed in small, lengthy, legal print that few people read and/or understand.2 The Fair Trade Commission Act and to some extent the Food and Drug Administration (FDA) are responsible for preventing and managing deceptive uses of this information; however, if the patient agrees to the terms and conditions (which we often do without reading just so we can use the product), that protection is somewhat minimized.2

Screen Shot 2016-03-31 at 1.44.18 PM
Retrieved from

When telecommunication is taking place between two providers or two healthcare settings, networks are HIPAA-compliant making them more secure – privacy can be more easily ensured.2 However, as many states break down the barriers around eligible telehealth sites and use of mHealth equipment becomes more utilized, that same security cannot be as easily ensured on the patient’s end.2 These scenarios make breaching of confidentiality or unauthorized access to protected health information a greater risk.2

As mentioned above, data encryption makes great strides at protecting personal information. “End to end” encryption (meaning from provider to patient and vice versa) ensures that all information is only unencrypted if accessed at either of those two end-points. Data that is accessed between those two end points (i.e. during transmission or storage) is essentially meaningless to the hacker.2

Screen Shot 2016-03-31 at 1.52.20 PM
Retrieved from

Authentication or other access control mechanisms are also useful tools in controlling who has access to the protected health information.2 Another data protection strategy involves limiting the distribution of telehealth software and devices to in-person visits to verify who is attaining this technology and who it is coming from.2 Requiring a face-to-face initial visit in order to get the telehealth system set-up can be seen as a nuisance to some, and possibly a relief to others.

The very foundation of telehealth is technological innovation. As with all technology, privacy is always a concern. However, the implications of misusing healthcare data carry a heavier weight to many people. Concerns over data security and patient privacy are at the very root of telehealth barriers. Much progress has been made as discussed above, but in no way is the struggle over.



Center for Connected Health Policy (CCHP). (2016). HIPAA. Retreived from

Hall, J.L. & McGraw, D. (2014). For telehealth to succeed, privacy and security risks must be identified and addressed. Health Affairs, 33(2), 216-221. doi: 10.1377/hlthaff.2013.0997.

Schweitzer, E.J. (2013). Reconciliation of the cloud computing model with US federal electronic health record regulations. Journal of American Medical Informatics Association, 19, 161-165. doi: 10.1136/amiajnl-2011-000162.


One thought on “Technological Innovations & Implications for Data & Privacy

  1. As technology continues to infiltrate technology in new ways, practice is changing more rapidly then laws can keep up. Telehealth is one way that can vastly expand the reach of providers and accessibility to health, particularly in rural and remote areas (1). However, in order to fully take advantage of this technology, privacy issues need to be addressed (1).

    I found your blog this week quite interesting, as I had not really thought about the 3rd party collectors of data collected on devices designed to send the information directly to a provider. What then, might they be able to do with that data? Sell it? Many phone applications that are designed to integrate health with convenience also require agreeing to terms of allowing the app permission to various aspects (contacts, phone, camera, etc) itself- where does it end? How can legislation/regulations begin to try to keep up with technological leaps and bounds that occur seemingly overnight? Alternatively, are we becoming a nation where we will forgo our privacy in exchange for convenience, or even access to care?

    1. Gold, A. (2014, ). CDT: Privacy, security concerns at forefront of telehealth. Retrieved from


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s